AI Threat Alert

CVE-2026-32031

MEDIUM
Published March 19, 2026

OpenClaw versions prior to 2026.2.26 server-http contains an authentication bypass vulnerability in gateway authentication for plugin channel endpoints due to path canonicalization mismatch between the gateway guard and plugin handler routing. Attackers can bypass authentication by sending requests...

Full CISO analysis pending enrichment.

What systems are affected?

Package Ecosystem Vulnerable Range Patched
OpenClaw pip No patch
4 dependents 37% patched ~3d to patch Full package profile →

Do you use OpenClaw? You're affected.

How severe is it?

CVSS 3.1
4.8 / 10
EPSS
N/A
Exploitation Status
No known exploitation
Sophistication
N/A

What is the attack surface?

AV AC PR UI S C I A
AV Network
AC High
PR None
UI None
S Unchanged
C Low
I Low
A None

What should I do?

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Which compliance frameworks are affected?

Compliance analysis pending. Sign in for full compliance mapping when available.

Frequently Asked Questions

What is CVE-2026-32031?

OpenClaw versions prior to 2026.2.26 server-http contains an authentication bypass vulnerability in gateway authentication for plugin channel endpoints due to path canonicalization mismatch between the gateway guard and plugin handler routing. Attackers can bypass authentication by sending requests with alternative path encodings to access protected plugin channel APIs without proper gateway authentication.

Is CVE-2026-32031 actively exploited?

No confirmed active exploitation of CVE-2026-32031 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-32031?

No patch is currently available. Monitor vendor advisories for updates.

What is the CVSS score for CVE-2026-32031?

CVE-2026-32031 has a CVSS v3.1 base score of 4.8 (MEDIUM).

What are the technical details?

Original Advisory

OpenClaw versions prior to 2026.2.26 server-http contains an authentication bypass vulnerability in gateway authentication for plugin channel endpoints due to path canonicalization mismatch between the gateway guard and plugin handler routing. Attackers can bypass authentication by sending requests with alternative path encodings to access protected plugin channel APIs without proper gateway authentication.

Weaknesses (CWE)

CWE-288 Authentication Bypass Using an Alternate Path or Channel

CWE-288 — Authentication Bypass Using an Alternate Path or Channel: The product requires authentication, but the product has an alternate path or channel that does not require authentication.

  • [Architecture and Design] Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.

Source: MITRE CWE corpus.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

References

Timeline

Published
March 19, 2026
Last Modified
June 23, 2026
First Seen
June 23, 2026

Related Vulnerabilities

CRITICAL CVE-2026-33579 9.9

Analysis pending

Same package: openclaw
CRITICAL CVE-2026-32922 9.9

Analysis pending

Same package: openclaw
CRITICAL CVE-2026-30741 9.8

OpenClaw: RCE via request-side prompt injection

Same package: openclaw
CRITICAL CVE-2026-53838 9.8

OpenClaw: approval scope bypass via reconnection state

Same package: openclaw
CRITICAL CVE-2026-32038 9.8

Analysis pending

Same package: openclaw
Back to Threat Feed